what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2022-05-17

Ubuntu Security Notice USN-5427-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5427-1 - Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sockets as the root user.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2021-3899, CVE-2022-1242, CVE-2022-28652, CVE-2022-28654, CVE-2022-28655, CVE-2022-28656, CVE-2022-28657, CVE-2022-28658
SHA-256 | 4a7a1a4b4a53f12a5e131a2b8e72000ea9e3e0b7606d2ddd406b23a06bd16806
Ubuntu Security Notice USN-5426-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5426-1 - Jakub Wilk discovered that needrestart incorrectly used some regular expressions. A local attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2022-30688
SHA-256 | af676d991a6b34124aadcbf2af266afeb34a8c6ad65703f679cfe6e1368bd93e
Ubuntu Security Notice USN-5425-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5425-1 - Yunho Kim discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. This issue only affects Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10 and Ubuntu 22.04 LTS. It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to have unexpected behavior. This issue only affects Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-20838, CVE-2020-14155
SHA-256 | ea665c758fe5de20b97d3df163ec0752b6694b10d447a57081c46cc5ea9bc553
Lynis Auditing Tool 3.0.8
Posted May 17, 2022
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Changes: Added MALW-3274, PKGS-7346, and PKGS-7395. Modifications have been made to AUTH-9408, FILE-7524, HTTP-6643, KRNL-5788, KRNL-5820, KRNL-5830, KRNL-5830, and PRNT-2308.
tags | tool, scanner
systems | unix
SHA-256 | 98373a4cc9d0471ab9bebb249e442fcf94b6bf6d4e9c6fc0b22bca1506646c63
Apple Security Advisory 2022-05-16-8
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.

tags | advisory
systems | apple
advisories | CVE-2022-24765, CVE-2022-26747
SHA-256 | c266aa12d798ccdb031d143994f826f99d717c888f235ee75d57e681c3161798
Trojan-Ransom.Thanos MVID-2022-0607 Code Execution
Posted May 17, 2022
Authored by malvuln | Site malvuln.com

Thanos ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and if not we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and or antivirus can potentially be killed prior to executing malware, but this method cannot as there is nothing to kill the DLL that just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.

tags | exploit
systems | windows
SHA-256 | 5533b7c50594024a4e1314f9732abe9064dda34616ffe16430cdf34c04e4c992
Ubuntu Security Notice USN-5424-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5424-1 - It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.

tags | advisory, remote, sql injection
systems | linux, ubuntu
advisories | CVE-2022-29155
SHA-256 | 622b2eaedb770c0fbeedd05eb4c12c43e234131acf0a55523407bb64c0dc2e6d
SDT-CW3B1 1.1.0 Command Injection
Posted May 17, 2022
Authored by Ahmed Alroky

SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

tags | exploit
advisories | CVE-2021-46422
SHA-256 | 8860761838526038594fcc60341f30b6ce5d75e287ff95719536bb39ccf39c13
Online Discussion Forum Site 1.0 SQL Injection
Posted May 17, 2022
Authored by Saud Alenazi

Online Discussion Forum Site version 1.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4ee8e26b03aaab698cd44b2e3b37998f1e0a8d62d370fcb6c7a0fa3cfbbfada8
Ubuntu Security Notice USN-5423-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5423-1 - Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796
SHA-256 | 8a7e6d56f5558ae8bd78cd46e08c6dd48ba55d4079f3389737d0e448d3eb3555
Showdoc 2.10.3 Cross Site Scripting
Posted May 17, 2022
Authored by Akshay Ravi

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-0967
SHA-256 | 9794c5dc51ff960938f2de93bd6a7f9916dd3f208482681592b1d965acd7691a
OpenCart So Listing Tabs 2.2.0 Unsafe Deserialization
Posted May 17, 2022
Authored by Daniil Sigalov, Maxim Malkov, Denis Mironov, Dmitry Pavlov, Alexey Smirnov

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.

tags | exploit, arbitrary
advisories | CVE-2022-24108
SHA-256 | 3bfd18c825f10a8abfe964c1ea209688517e067de8a3b9c084594fcd34b53d85
Ubuntu Security Notice USN-5311-2
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5311-2 - USN-5311-1 released updates for contained. Unfortunately, a subsequent update reverted the fix for thisCVE by mistake. This update corrects the problem. It was discovered that containerd allows attackers to gain access to read- only copies of arbitrary files and directories on the host via a specially- crafted image configuration. An attacker could possibly use this issue to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23648
SHA-256 | bf0c845e991aeba0eca65f4b23d29f729ad0f1896214182e1ae0fa304a019039
Apple Security Advisory 2022-05-16-7
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2022-26700, CVE-2022-26709, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719
SHA-256 | 767022408f3eea396ba6ad75f3fb2a82e28d7de55bff343e4643bc50e80db3a4
Apple Security Advisory 2022-05-16-6
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-22675, CVE-2022-23308, CVE-2022-26700, CVE-2022-26701, CVE-2022-26702, CVE-2022-26706, CVE-2022-26709, CVE-2022-26710, CVE-2022-26711, CVE-2022-26714, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-26724, CVE-2022-26736, CVE-2022-26737, CVE-2022-26738, CVE-2022-26739, CVE-2022-26740, CVE-2022-26745, CVE-2022-26757, CVE-2022-26763, CVE-2022-26764, CVE-2022-26765, CVE-2022-26766, CVE-2022-26768
SHA-256 | 5480893244307a0f7793b1e15ce9f59e15579367d1804417f9bc81c154d6f4ac
Apple Security Advisory 2022-05-16-5
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2022-22675, CVE-2022-23308, CVE-2022-26700, CVE-2022-26702, CVE-2022-26706, CVE-2022-26709, CVE-2022-26710, CVE-2022-26711, CVE-2022-26714, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-26726, CVE-2022-26745, CVE-2022-26757, CVE-2022-26763, CVE-2022-26764, CVE-2022-26765, CVE-2022-26766, CVE-2022-26768, CVE-2022-26771
SHA-256 | fcb6dedf7ecf800ff5544046d1316a1df6c389b573da6a5559a7fdfb740d5acd
T-Soft E-Commerce 4 SQL Injection
Posted May 17, 2022
Authored by Alperen Ergel

T-Soft E-Commerce version 4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 45b5224650ea3cb883a0c405f3c4d76eef8cc2dbc8f3fb98282c4ea633d2e202
T-Soft E-Commerce 4 Cross Site Scripting
Posted May 17, 2022
Authored by Alperen Ergel

T-Soft E-Commerce version 4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a38f9872c25051fb5d40689975a5a643292512cac28208caeaa677228ed3e251
WordPress Tatsu Builder Remote Code Execution
Posted May 17, 2022
Authored by Vincent Michel | Site wordfence.com

WordPress Tatsu Builder plugin versions prior to 3.3.13 suffer from an unauthenticated remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2021-25094
SHA-256 | 632f285a1a3ec46f04fb233958d273d11b2e22568b10b2920f52c77d06e276ea
Apple Security Advisory 2022-05-16-4
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-4 - Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-25032, CVE-2021-44224, CVE-2021-44790, CVE-2021-45444, CVE-2022-0530, CVE-2022-0778, CVE-2022-22589, CVE-2022-22663, CVE-2022-22665, CVE-2022-22674, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23308, CVE-2022-26697, CVE-2022-26698, CVE-2022-26714, CVE-2022-26715, CVE-2022-26720, CVE-2022-26721, CVE-2022-26722, CVE-2022-26726, CVE-2022-26727, CVE-2022-26728, CVE-2022-26746, CVE-2022-26748
SHA-256 | 1457e96d61b184fbf3ed170c9802dbce7d15ed833ab54d7784b078ed15b160e1
Apple Security Advisory 2022-05-16-3
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-3 - macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2018-25032, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2021-44224, CVE-2021-44790, CVE-2021-45444, CVE-2021-46059, CVE-2022-0128, CVE-2022-0530, CVE-2022-0778, CVE-2022-22589, CVE-2022-22663, CVE-2022-22665, CVE-2022-22674, CVE-2022-22675, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23308, CVE-2022-26697, CVE-2022-26698, CVE-2022-26706, CVE-2022-26712
SHA-256 | af1dee885ed55571356a89ad5ec67b39171a32fbf8125781c35f906717d83516
Survey Sparrow Enterprise Survey Software 2022 Cross Site Scripting
Posted May 17, 2022
Authored by Pankaj Kumar Thakur

Survey Sparrow Enterprise Survey Software 2022 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-29727
SHA-256 | afd7b7d6dc71690c8e9b74e168637e22184d16b38d583b0e4f0fc7f27fe83aad
Apple Security Advisory 2022-05-16-2
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-2 - macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2018-25032, CVE-2021-44224, CVE-2021-44790, CVE-2021-45444, CVE-2022-0530, CVE-2022-0778, CVE-2022-22677, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23308, CVE-2022-26693, CVE-2022-26694, CVE-2022-26697, CVE-2022-26698, CVE-2022-26700, CVE-2022-26701, CVE-2022-26704, CVE-2022-26706, CVE-2022-26708, CVE-2022-26709, CVE-2022-26710, CVE-2022-26711, CVE-2022-26712, CVE-2022-26714, CVE-2022-26715
SHA-256 | c8eee02086d45b9c9a2776ce254bee0daede9360e0231556fd5fec341d3407c0
Apple Security Advisory 2022-05-16-1
Posted May 17, 2022
Authored by Apple | Site apple.com

Apple Security Advisory 2022-05-16-1 - iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | apple, ios
advisories | CVE-2015-4142, CVE-2022-22673, CVE-2022-22677, CVE-2022-23308, CVE-2022-26700, CVE-2022-26701, CVE-2022-26702, CVE-2022-26703, CVE-2022-26706, CVE-2022-26709, CVE-2022-26710, CVE-2022-26711, CVE-2022-26714, CVE-2022-26716, CVE-2022-26717, CVE-2022-26719, CVE-2022-26731, CVE-2022-26736, CVE-2022-26737, CVE-2022-26738, CVE-2022-26739, CVE-2022-26740, CVE-2022-26744, CVE-2022-26745, CVE-2022-26751, CVE-2022-26757
SHA-256 | dde1d552c35f2995a88956c43d2ed8e85b607bc8d90f69562c2416a22d95e796
Ubuntu Security Notice USN-5422-1
Posted May 17, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5422-1 - Shinji Sato discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-23308, CVE-2022-29824
SHA-256 | 8c3c6b611abb6723add14e9eb03ff8250dbd63ea52e2453efb3197d19614ea63
Page 1 of 2
Back12Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close